Cybersecurity

Sponsored
by

Cybersecurity / Recently Commented

Beyond WHOIS: Rethinking Domain Verification in a Post-GDPR World

The introduction of GDPR in 2018, and the subsequent tightening of privacy regulations around the world, was a necessary step toward protecting user data. Consumers gained critical rights over their personal information, and companies were forced to adopt stronger standards for how they collect, store, and use that data. However, one unintended consequence has been the erosion of access to domain registration information once easily available through WHOIS databases. more

Reporting To God

"GOD, at least in the West, is often represented as a man with a flowing beard and sandals. Users of the Internet might be forgiven for feeling that nature is imitating art — for if the Net does have a god he is probably Jon Postel" (The Economist, Feb. 1997) David W. Maher, Senior Vice President, Law and Policy of Public Interest Registry (PIR) offers his reminiscence of the early days of the Internet and attempts made to restructure the Domain Name System — an article he has entitled 'Reporting to God'. more

Cyber Resilience Resources Restructuring

Information and Communications (ICT) infrastructures rely on many globally shared critical resilience information resources for diverse essential functions such as identifiers, routing, and cyber security. However, this ICT ecosystem has rapidly become significantly less stable and collaborative with dramatically diminished respect for legal norms and values because of the new USA national Administration. The instability includes the vicarious, wholesale removal of essential public safety and scientific databases, as well as global collaboration with multiple global UN public safety bodies. One result is the scaling of Digital Sovereignty initiatives. more

The End of the Road: ICANN, Whois, and Regulation

There's a well-documented crisis facing the domain name system: very few who rely on domain name registration data from the Whois database to perform vital functions can do so any longer, which is escalating consumer harm and abuse on the internet worldwide. And the problems, thanks to ICANN's overly restrictive policy post-GDPR and a failing policy process, are piling up. more

The Digital Sovereignty Ecosystem

The terms Digital Sovereignty or Souveraineté numérique have recently risen in prominence to describe the international rule of law as it applies to information and communication technologies. At a time when disinformation is proliferating and the rule of law, democracy, and human rights, together with long-standing relationships, are being cast aside, digital sovereignty is scaling in importance as a key defensive measure among many nations. more

Celebrating 167 Years of Public International Law for Cyber Security

On 30 September 1850 at Dresden, the first international treaty was issued among the first sovereign nations to internet their national electronic communication networks. It was known as the Dresden Convention, and culminated several weeks hammering out basic requirements and techniques to implement an internet spanning the Austro-German European continent at the time, and established a continuing "Union" of signatories to evolve the provisions of the treaty. more

India Launches ‘.bank.in’ and ‘.fin.in’ Domains to Deter Financial Fraud

In a bid to bolster cybersecurity in India's financial sector, the Reserve Bank of India (RBI) has announced exclusive internet domains -- 'bank.in' for registered banks and 'fin.in' for non-banking financial entities. RBI Governor Sanjay Malhotra revealed that registrations for 'bank.in' will commence in April 2025, followed by 'fin.in', with the initiative aimed at reducing phishing attempts and fortifying digital banking trust. more

A Collision Between Tech Policy and Foreign Policy: the UN Cybercrime Convention

Sometime by year-end, the UN General Assembly (UNGA) will vote on the proposed UN Convention Against Cybercrime. The treaty is opposed by most civil liberties organizations and Internet businesses, although the US position appears uncertain, mostly for reasons of foreign policy. more

Project 2025: The Internet and Cybersecurity

As the saying goes, elections have consequences. The consequences are underscored in the recent U.S. Presidential election and the potential impact on the Internet, infrastructure and cybersecurity. In the context of the CircleID global community, it seems worth asking where things are headed? It does beg for an analysis of what is actually proposed in Presidential Transition Project 2025 related to things internet and cybersecurity. more

NIS2 Article 28 Guidance: A Positive Step Toward Reducing DNS Abuse Across Europe

The European Union (EU) has set a high bar by tackling domain name system (DNS) abuse head on via government regulation and seems to have successfully resisted attempts to water down DNS stewardship obligations. Recent guidance from a key European Commission cooperation group (the NIS Cooperation Group) handling sections of the Network and Information Security Directive (NIS2) intends for a robust implementation of Article 28, which will go a long way toward helping to mitigate some of the longstanding problems that persist in the DNS. more

Alternative Insights on Article 28 of the NIS2 Directive

On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states. more

Demystifying Art. 28 NIS2

On December 14, 2022, the European Parliament adopted the Directive on measures for a high common level of cybersecurity across the Union (Directive (EU) 2022/2555) hereinafter referred to as "NIS2"), which was published in the official journal on December 27, 2022. Being a directive, NIS2 requires transposition into national law. According to Art. 41 of NIS2, the transposition into national law must take place by October 17, 2024 and the measures must be applied as of October 18, 2024. more

The FCC Cyber Trust Label Gambit: Part II

Sixty years ago, Paul Baran and Sharla Boehm at The RAND Corporation released a seminal paper that would fundamentally reshape the cyber world forever more. Their paper, simply known as Memorandum RM -- 1303, described how specialized computers could be used to route digital communications among a distributed universe of other computers. It set the stage for a flood of endless developments that resulted in the interconnected world of everything, everywhere, all the time. more

Millions of Smart Toothbrushes Hijacked in Cyberattack on Swiss Firm

Hackers have commandeered approximately three million smart toothbrushes, transforming them into a botnet for launching a DDoS (Distributed Denial of Service) attack against a Swiss company's website, causing significant financial losses. more

The Impact of the NIS2 Directive’s Article 28 on the DNS Industry

The European Union's Network and Information Security Directive (NIS1), introduced in 2016, aimed to strengthen cybersecurity among Member States. However, market fragmentation and growing digital threats led to the enactment of the NIS2 Directive.  more